Jun 17, 2018 - 3:49 p.m.

Security Bulletin: IBM HTTP Server Response Time module is affected by JavaScript injection vulnerability.

2018-06-17 15:49:34
www.ibm.com
EPSS: 0.001 (percentile 30.7%)

Summary

IBM HTTP Server Response Time module, which is delivered as part of IBM Performance Management, has addressed the following vulnerability.

Vulnerability Details

**CVEID:** CVE-2018-1441
**DESCRIPTION:** IBM Application Performance Management - Response Time Monitoring Agent is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139597 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM Cloud Application Performance Management, Advanced Private V8.1.4
IBM Cloud Application Performance Management V8.1.4
IBM Performance Management V8.1.3

Remediation/Fixes

| Product | Product Version | APAR | Remediation / First Fix |
|---|---|---|---|
| IBM Cloud Application Performance Management - Monitoring Agent for HTTP Server | 8.1.4 | D - PSIRT ALERT: 9519 Multiple Cross-Site Scripting Vulnerabilities- 8.1.4 (126567) | If you use the IBM HTTP Server Response Time module, the vulnerabilities can be remediated by applying the HTTP Server agent 8.1.4.0-IBM-APM-HTTP-SERVER-AGENT-IF0001 patch to all systems where this agent is installed: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-HTTP-SERVER-AGENT-IF0001&source=SAR |
| IBM Performance Management - Monitoring Agent for HTTP Server | 8.1.3 | D - PSIRT ALERT: 9519 Multiple Cross-Site Scripting Vulnerabilities- 8.1.3.x (128133) | If you use the IBM HTTP Server Response Time module, the vulnerabilities can be remediated by applying the HTTP Server agent 8.1.3.0-IBM-IPM-HTTP-SERVER-AGENT-IF0003 patch to all systems where this agent is installed: http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Tivoli+Monitoring&fixids=8.1.3.0-IBM-IPM-HTTP-SERVER-AGENT-IF0003&source=SAR |
